Unix file encrypt accessible to Windows

By DanLM
I am putting in place a CVS repository that will reside on a Mac OS X server accessible by the application staff via ssh and pserver. I strongly suggested, and they agreed, that we put in place a backup procedure that is automated. This backup procedure looks to be a shell script running on the Mac server which will tar and gzip the directories, and then copy them to a network drive. They raised the concern that these files be protected on the network drive so that others could not access their source code (sloppy code resides with hard-coded passwords to db in it).
Also, the person that will be admin in charge of the CVS isn't highly technical, so the restore procedure needs to be fairly straightforward.
I have mapped the CVS directory to her home directory she has mounted on her Windows machine. I was hoping to allow the restore procedure to be as simple as her pointing at the backup file with WinZip, and restoring the directories that way. I know that WinZip can open tar.gz, and I also know that WinZip has password capabilities.

I do know that PKZIP has a server zipping/encryption application, but the license is 1800 and I just can't justify that for a CVS repository.

I'm currently looking at Perl to see if there is anything in CPAN. And I'm sure there is, but then I have to make sure this application can be run both on the Mac server and the desktop.

So, my question:
Is there something on Unix (preinstalled/open source) that can create a password-protected file that can be accessible by WinZip? If so, can I command line it in a script?


by stress junkie In reply to Unix file encrypt accessi ...

This doesn't really meet your requirements since it doesn't encrypt individual files. I thought I'd mention it because it works on Windows and Linux and encrypts container files and disk partitions. Maybe you can think of a way to work this into your security model.

For example, if the container file were available via a Windows share then you could access it over the network and then use TrueCrypt to mount the container file on the client computer as a data volume in decrypted mode. That would mean that the container file would only be decrypted on the machines and by the people that were authorized to access it. In fact, since the encryption and decryption happens on the client computers then the data going over the network would be encrypted. Sweet.

Yep, TrueCrypt

by Justin Fielding In reply to TrueCrypt

TrueCrypt is exactly what popped in to my mind too. If you search my blog you'll find some more info on it.

a couple answers

by apotheon In reply to Unix file encrypt accessi ...

You might try using GPG (GnuPG), an open source encryption tool very similar to the infamous PGP. It handles more than one type of encryption, including PGP encryption. There are Perl modules in CPAN that will encrypt/decrypt in the GPG/PGP idiom. There are Windows variants of GPG that you can use, as well, so you don't have to write encryption/decryption scripts in Perl. There are also Windows versions of the tar utility, so you could manage .tar.gz compressed archives on the Windows machine. The easy way to set it up would be to write a shell script or similar (Perl might be a good idea, just because of its cross-platform homogeneity for both Windows and Unix) that simply calls the GPG encryption utility and the tar utility.

Another alternative is to simply install PuTTY, a free remote access tool, which installs on Windows and can act as an SSH client to log into a remote Unix system. Your backup administrator could log in via SSH using PuTTY, then run a prewritten shell script that uses the tar and GPG utilities on the Unix system where you're storing backups.

Here are a couple of articles I've written that may offer ideas about how to proceed:

Hopefully that'll get you moving in the right direction.
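
The tar-plus-GPG script suggested in the post above could look like this; it is an added example, not part of the original thread or any poster's own script. The function names, archive naming and passphrase-file location are assumptions, and the flags assume GnuPG 2.1 or later on the server.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and paths are assumptions.
# PASSFILE holds the passphrase; keep it on the server, mode 600, never on the share.

# backup_encrypt SRC_DIR DEST_DIR PASSFILE -> prints the path of the encrypted archive
backup_encrypt() (
    src=$1; dest=$2; passfile=$3
    [ -d "$src" ] && [ -d "$dest" ] && [ -r "$passfile" ] || exit 2
    umask 077                       # new files readable by owner only
    out="$dest/cvs-backup-$(date +%Y%m%d-%H%M%S).tar.gz.gpg"
    status=$(mktemp) || exit 1
    # Stream tar into gpg so no plaintext archive is ever written to disk.
    # A pipeline reports only gpg's exit code, so tar's is saved separately.
    { tar -czf - -C "$(dirname "$src")" "$(basename "$src")"; echo $? > "$status"; } |
        gpg --batch --yes --pinentry-mode loopback --passphrase-file "$passfile" \
            --symmetric --cipher-algo AES256 -o "$out.part"
    gpg_rc=$?
    tar_rc=$(cat "$status"); rm -f "$status"
    if [ "$gpg_rc" -ne 0 ] || [ "$tar_rc" != 0 ]; then
        rm -f "$out.part"           # never leave a partial backup behind
        exit 1
    fi
    mv "$out.part" "$out"           # publish only a complete archive
    printf '%s\n' "$out"
)

# backup_restore ARCHIVE PASSFILE TARGET_DIR -> decrypts, then unpacks into TARGET_DIR
backup_restore() (
    archive=$1; passfile=$2; target=$3
    [ -r "$archive" ] && [ -r "$passfile" ] && [ -d "$target" ] || exit 2
    tmp=$(mktemp) || exit 1         # mktemp creates the file with mode 600
    # Decrypt fully first: gpg exits non-zero on a wrong passphrase or a
    # failed integrity check, and nothing is unpacked in that case.
    if gpg --batch --yes --quiet --pinentry-mode loopback \
           --passphrase-file "$passfile" -o "$tmp" --decrypt "$archive"; then
        tar -xzf "$tmp" -C "$target"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    exit "$rc"
)
```

A nightly cron entry on the server can call `backup_encrypt` with the network drive's mount point as the destination, so only the `.gpg` file ever lands on the share.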

What I have done so far is.

by DanLM In reply to a couple answers

She currently has a login to the Mac server where the CVS repository resides. I have done a ln -s from where the repository is to her home directory, so she can actually see the CVS repositories.
You know, I was thinking of having this backup procedure occur every night at say midnight so nobody has to worry about it. But, I could do something from her Windows machine and run it through the scheduler.
I should look into this, I never did any DOS scripts. But the concept is basically the same as shell scripts. Define variables, use utilities already installed.
And thank you about the GnuPG, I had seen that but never went further with the research.


a suggestion

by dawgit In reply to What I have done so far i ...

1. Make sure you have a separate Win. partition for your package. (should be in FAT32 also)
2. Check out Windows Services for Unix (sfu)(at: ) They have a program (server actually) that helps their Windows play better with others. (works on XP-Pro & Win. Servers) It comes with some goodies too. Worth the price (free) with what you get. (now, why don't they just build right in the first place?)
... Hope that helps (a little)-d

Well, what I know is on these 2000 desktops is

by DanLM In reply to a suggestion

ActivePerl. I don't think the install was done right, but I can execute perl from the desktop. That's why I consider the CPAN modules a valid option.

In that I'm contracting or am temporary, I am uncomfortable suggesting that they install new software on their desktops. Although, I think I could win the issue of a CPAN module. I'm looking around for something maybe we can compile to that Mac server too. Maybe something that is compatible with WinZip with regard to password. Mac is basically a modified BSD box anyway, so I'm going to look that way also.


Stick with ZIP

by jim.peterson In reply to Unix file encrypt accessi ...

There are a lot of "free" solutions available for encrypting data but the time it takes to install, learn and configure their operation makes $1800 seem like a bargain. ZIP is the best format for storing data across any platform. I'd suggest sticking with a ZIP solution since you can archive, compress, secure and send in a single command that fits easily into any script. This is a lot easier than messing with tar, gzip, and pgp especially across the range of platforms you describe, and the files can be decrypted by WinZip.

Also, PKZIP has a feature that allows you to use both password encryption and certificate encryption in the same step. If your user is not technical, you can easily apply a simple password encryption method that should be simple enough for that user to manage while also adding a certificate at the same time so you, as the administrator, can always be certain you can recover the data. Certificates are available from VeriSign for about $19. If the value of the data in your CVS repository is significant to your company, then it makes sense to invest in a solution that is secure, easy to implement and easy to use.

Jim Peterson
Chief Scientist

by apotheon In reply to Stick with ZIP

That's some pretty good advertising copy, there.

$1800? Are you serious?

by stress junkie In reply to Stick with ZIP

"...the time it takes to install, learn and configure their operation makes $1800 seem like a bargain..."

Your advertising copy seems to suggest that there is no requirement to install, learn, and configure PKWare. What you really mean is that in addition to that investment of time, which comes with any solution, PKWare has the additional requirement of paying $1800. I don't see how that makes $1800 seem like a bargain. I'm thinking really really hard but I just don't see it.

It's an excellent product, stress

by DanLM In reply to $1800? Are you serious?

I can vouch to that from experience. We used it on our mainframe when I worked at the state. But there we had multiple interfaces that utilized it for encrypting. And we were trying to protect sensitive data going over the internet.

Where I am now, we just want to keep backed up code from the prying eyes of staff. I just don't think (actually I know) justify the cost for the use.

